NINTENDO’ SDS. 


Hacker Enforcement Proposal 


OVERVIEW 


For years, Nintendo has been investigating the progress of various hacking groups 
and sharing this information with Nintendo Co., Ltd. (“NCL”) engineers. 

e In January 2013, the Nintendo of America Anti-Piracy Team (NOA APT) 
presented Nintendo Co., Ltd. (“NCL”) with an investigative report and 
recommendations for addressing one of the most highly regarded 3DS 
hackers, Domien Nowicki (“Neimod”) of Belgium. 

e Since then, the Team has collected and shared key intelligence and data 
regarding Neimod’s hacking progress with Nintendo Europe Research & 
Development (“NERD”) and NCL engineers. 

o NCL has implemented software updates (NUP), which have addressed 
many of these exploits. 

e The APT has also conducted deeper investigations of Neimod’s online and 
daily activities. 

o Additionally, APT has worked with local Counsel to further refine the 
legal analysis and drafting of a Criminal Complaint based on Nintendo's 
strongest claims. 

e Below is a summarized update of investigative findings, and the final 
proposal for conducting a Knock-and-Talk with “Neimod.” 


3DS HACKING STATUS SNAPSHOT/ONLINE INVESTIGATION 


Nintendo has been monitoring the Internet for 3DS hacking attempts since the 3DS 
launch in March 2011. NOA APT uses Internet Crimes Group, Inc. (“ICG”) to observe 
hacker communications and to record pertinent information regarding hacker 
exploits. Neimod has made the most significant progress in hacking the 3DS: 


o Neimod claims full control of 3DS in kernel mode (ARMY and ARM11). 

o Neimod achieved this exploit via manipulation of a specific 3DS game 
card (unknown game). 

o Neimod uses a custom field programmable array (FPGA engineering 
device) to interact with the 3DS memory bus and learn 3DS operation 
to find and test the exploit. 

o The exploit involves a corrupted SD card save file used in conjunction 
with the specific 3DS game card. 


Neimod has not released the exploit yet, as he believes Nintendo could quickly fix it 
via NUP. However, his and the group’s knowledge of 3DS is expanding each day; 
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therefore, urgent action is recommended before any public release of their 
exploit(s). Neimod is the priority target for the following reasons: 


e He has been involved in DS and DSi hacking. 

e He enjoys a very high reputation within the hacker scene, for Nintendo 
products 

e He isa highly skilled hardware engineer 


NEIMOD: KEY INVESTIGATIVE FINDINGS 


e Expert Computer Programmer / Hardware Architect. 

o Current Employment: Recipient/Winner of Governmental Grant 
(12,000. Euros) for entrepreneurial work in computer science and the 
arts. He has an office in a well-established and secured business office 
park. 

o Winner of Lucent-Bell Award in 2011 for University thesis project. 

o University graduate with Master of Informatics - Specialty in Hardware 
Architecture. 


e Lifestyle and Activities. 

o ~26 year old male living with parents in Dennengaerdelaan, Belgium. 

o Typical week includes work 9am-5pm Monday through Thursday. 

o Evenings and weekends are primarily spent at home. 

o Surveillance didn’t reveal any friends or visitors entering or leaving the 
residence with Neimod. 

o Only additional activity included a trip to the bank and a restaurant 
(alone). 


LEGAL STICKS: CRIMINAL COMPLAINT & FILING NINTENDO AS A CIVIL / DAMAGED 
PARTY TO THE CRIMINAL COMPLAINT (DRAFT ATTACHED) 


o Strongest claims available to Nintendo under Belgian Criminal Code 
provisions include: 


(Attempt) of External Hacking. 

Reusing of Data or Damage to the Computer System or Data. 
Owning and Production of ‘Hacker Tools”. 

Concealment of Data Obtained through Hacking. 

(Attempt of) Data or System Sabotage. 

Owning and Production of Tools for System Sabotage. 
Circumvention of Technological Protection Measures. 


oS WS 


o Criminal Complaint - Nintendo registers itself as a civil / damaged 
party provides strategic advantages to Nintendo, as follows: 
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1. Nintendo may withdraw its support of the criminal complaint at 
any time (e.g. if Neimod were to change his mind after refusing 
to cease hacking activity). Note that prosecutors could opt to 
continue with the case, even if Nintendo stops supporting the 
proceeding. 

2. If Nintendo files as a civil (damaged) party to the criminal 
proceeding, this allows Nintendo access to the case file, 
updates, defense counsel comments, etc. 

3. Prosecutors may be positively influenced by Nintendo’s passion 
for enforcing its IPR, and consider the case more seriously. 

4. Acriminal indictment carries with it a heightened sense of 
seriousness, stigma, and attention that Neimod would likely 
want to avoid. 

5. Neimod may worry that a criminal prosecution could negatively 
impact his relations with the local government that awarded him 
the grant (for young science and arts entrepreneurs). 


CARROTS - POTENTIAL OPPORTUNITIES & AVOIDANCE OF LEGAL ACTION IN 
EXCHANGE FOR CEASING ALL HACKING OF NINTENDO PRODUCTS AND SYSTEMS 


o Opportunities to collaborate with Nintendo: 
1. Nintendo can refrain from filing a criminal complaint. 


2. Nintendo (at NCL’s and NERD’s discretion) may offer to enter 
into a “Bounty” contract with Neimod: 


A. Nintendo awards Neimod with payment in exchange for finding 
and documenting reproducible exploits and possible patches, 
known or potential security weaknesses, hackers’ practices, 
strengths, etc. This scenario would represent very low risk 
while potentially providing high benefits for Nintendo: 

1. The hacker would work in a “black-box” environment with 
no risk of leaking confidential information as he would 
receive none from Nintendo. 

2. If successful, Nintendo’s public image may be further 
bolstered as a modern, tech-savvy company, while hinting 
that hackers should be cooperative rather than 
aggressive with Nintendo in the future (in contrast to 
Sony’s missteps with George “geohot” Hotz). 


B. Within the parameters of an NDA and in a Nintendo-approved 
statement, Neimod may also announce his success in finding 
exploits or vulnerabilities, after Nintendo feels that the exploits 
have been fixed. “Bragging rights” are a key motivating factor 
for most hackers - perhaps as valuable as the “bounty” reward 
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because of the boost to his reputation. 


C. Nintendo may engage Neimod to “research, reproduce, and 
then document” or “outrun” other hackers’ exploits (which are 
either completed or under development). If he succeeds, it 
would provide Nintendo with valuable advanced knowledge of 
upcoming exploits, and possibly provide enough time to 
address them via update. 


3. Nintendo (at NCL and NERD’ discretion) may offer to engage 
Neimod in a more formal, lengthy employment agreement if 
pleased with Neimod’s initial work and cooperation. This 
engagement could be a remote mission- 
based contract or even as a full-time employment contract with 
relocation in NERD’s Paris office (which is about 90 minutes 
away from Bruxelles by train), if all parties show strong 
motivation. 

4. Collaboration could start on security topics, but his apparent 
intellect and hardware expertise could benefit NERD’s other R&D 
projects in the long run, if all parties consent. 

5. AS a complement, depending on the hacker’s personal interests, 
possible gaming background or as a “Nintendo fan”, unique/rare 
hardware items not sold on the market may be of great value to 
the hacker. For example, engineering samples/prototypes, or 
devices with unique casing colors/design might be of interest. 

6. In the medium term, organizing a trip to Japan to meet NCL’s 
hardware engineers may also represent a very attractive 
opportunity for the hacker who is a young, independent, and 
ambitious hardware engineer. 

7. Nintendo may work with Neimod to offer a “bounty” to any other 
prospective hackers via his own contacts, or at other events. For 
example, The Zero-Day Initiative (ZDI) (www. 

Zerodayinitiative .com) was started by a security division of 
Hewlett-Packard. Interested hackers can earn cash prizes for 
hacking by submitting their successful exploits to a contest. This 
may present another opportunity for Nintendo to interact 
directly with hackers using a “carrot” approach to fix 
vulnerabilities before they become publicly known. 


PROPOSAL: TEAM, TIMELINE POTENTIAL OUTCOMES 
e Knock and Talk (“KT”) Team - should be limited in number so as not to alarm 


or overwhelm Neimod; only a few Team members approach him initially 
(others are nearby or available by phone). 
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Nintendo: NERD - 1 or 2 (Manager, Engineer); NOA - 1 (Counsel) 
Local Counsel: 1 
Trusted Internet Investigator (Communicating in-scene with Neimod): 1 
Local Investigator (law enforcement background): 1 


oo0oo0o 


e Monday April 15, 2013 


e 10 AM: Team assembles at local hotel to discuss and finalize plans. 

o Review and discussion of Neimod’s activities/schedule of the previous 
week. 

o Decide on timing/location of first attempted contact (e.g. after work, at 
home, etc.); decide where other Team members will wait (nearby) 
while contact is made 

o Discuss possible locations to go with Neimod for further discussion 
away from home or work if he wishes (e.g. restaurant, coffee shop 
etc.). 

o Local Investigator alerts Team when Neimod exits from work. 


e 6:30 PM: Contact Team (likely 2 individuals - NERD and NOA Legal) approaches 
Neimod as he arrives home or after he has entered. This first sequence of 
events and conversation normally happens very rapidly: 


o Approach Neimod in a friendly, non-threatening, professional, and 
courteous manner. Make introductions. Provide a business card 
(Nintendo or Local Investigator with local phone number). 


o Engage Neimod in conversation. Acknowledge his 
engineering/programming aptitude; cite his stated intention of not 
facilitating piracy, and relate Nintendo’s concerns that his release of a 
hack could do exactly that. 


o Nintendo states its sincere interest in coming to some sort of mutually 
acceptable agreement with Neimod to discontinue hacking of Nintendo 
systems/products as opposed to pursuing a criminal referral. Draft 
complaint may or may not be shown to Neimod at this point (to 
demonstrate severity and seriousness of the matter) depending on his 
demeanor, reaction, and perceived interest in engaging in discussion. 


o Nintendo emphasizes its interest in further discussion with Neimod 
regarding what could represent an opportunity for both him and 
Nintendo, but that in order to go into detail we would like to talk 
wherever he is comfortable (residence or location of his choice) and 
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that we would first need to enter into a simple Non-Disclosure 
Agreement (NDA attached) in order to share ideas. 


e 6:40 PM: Neimod discontinues conversation, retreats: 


(0) 


(0) 


Nintendo reiterates its interest in discussions with Neimod, advises him 
of a ~12 hour window of opportunity during which he should contact 
Nintendo at the number provided initially if he wishes to discuss and 
avoid legal action. 


The Team assembles back at the hotel to review and discuss the 
events and to await any call from Neimod. 


NCL/NOA updated as to status; Internet Investigators on full alert to 
detect any online discussion by Neimod of the event; NOA ready with 
internal Q&As (recommend against any PR response - “no comment”) 
if any online statements are made. 


e Tuesday April 16, 2013 


e 9:00AM: Neimod fails to contact Nintendo 


(0) 


(0) 


Nintendo attempts to call Neimod. 
If no contact, Team alerts NCL and disperses. 


Nintendo advises Counsel to file criminal legal action or that Nintendo 
will consider further before doing so and follow up with Counsel in the 
near term. 


NOA prepared with reactive PR statement and internal Q&As should 
Nintendo proceed with criminal referral. 


ALTERNATIVE 


e 6:40 PM: Neimod discontinues conversation, retreats: 


(0) 


Nintendo reiterates its interest in discussions with Neimod, advises him 
of a ~12 hour window of opportunity during which he should contact 


(0) 
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Nintendo at the number provided initially if he wishes to discuss and 


avoid legal action. 


The Team assembles back at the hotel to review and discuss the 
events and to await any call from Neimod. 


NCL/NOA updated as to status; Internet Investigators on full alert to 
detect any online discussion by Neimod of the event; NOA ready with 
internal Q&As (recommend against any PR response - “no comment”) 
if any online statements are made. 


10:00 PM: Neimod contacts Nintendo with interest in continuing a dialogue; 
arrange to meet following morning at hotel conference room or other 
acceptable location. 


(0) 


Team updates NCL. 


Tuesday April 16, 2013 


10:00 AM: Neimod and Team meet to discuss “carrots” in more detail 


(0) 


(0) 


Neimod executes the NDA. 


NERD heavily involved in discussion of potential collaborative efforts 
and initial suggestion of a “Bounty” program. Neimod agrees in 
principle to discontinue 


hacking activity aimed at Nintendo, however further discussion on 
details of collaborative relationship required at later date (e.g. 
following week). Contract to be executed at later date. 


Neimod refuses to immediately execute settlement agreement based 
on the above (e.g. to cease hacking, continue discussion); requests 
time to consider. 


Nintendo emphasizes importance of confidentiality of discussions, 
encourages Neimod to decide to communicate with Nintendo within 
certain time period regarding his intentions (e.g. 1 week). 


Nintendo continues to monitor Internet for any release of information 
regarding the visit, publication via various blogs, pirate web sites, 
gamer media, etc. 


ALTERNATIVE 
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10:00 AM: Neimod and Team meet to discuss “carrots” in more detail 


(0) 


NERD heavily involved in discussion of potential collaborative efforts 
and initial suggestion of a “Bounty” program 


Neimod agrees in principle to discontinue hacking activity aimed at 
Nintendo, however further discussion on details of collaborative 
relationship required at later date (e.g. following week). Contract to be 
executed at later date 


Neimod executes settlement agreement based on the above (e.g. 
cease hacking, continue discussion). 


ALTERNATIVE 


10:00 AM: Neimod and Team meet to discuss “carrots” in more detail 


(0) 


NERD heavily involved in discussion of potential collaborative efforts 
and initial suggestion of a “Bounty” program 


Neimod agrees to discontinue hacking activity aimed at Nintendo and 
is receptive to discussion on details of collaborative relationship. 


Neimod executes settlement agreement based on the above (e.g. 
cease hacking). 


Neimod and Nerd discuss and arrive at a mutually acceptable initial 
plan for Neimod’s services in exchange for some reward or payment. 
Nintendo and Local 


Counsel (French Counsel with input from Belgian Counsel as needed) 
to finalize contract for the parties’ execution, pending NCL’s guidance 
and approval. 


Wednesday or Thursday April 17/18th, 2013 (depending on travel) 


o NOA to provide NCL with a report detailing the Knock and Talk with a 


summary of events, discussions, key learnings, and proposed next 
steps. 
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FINAL RECOMMENDATION 


NOA recommends initiating the Knock-and-Talk in the next 6 weeks during 
which time: 

o NOA will closely collaborate with NERD in preparation for the 
discussion with Neimod and refine the “Carrots” if necessary (with 
NCL’s approval) 

o NOA will update NCL of any changes in intelligence/evidence which in 
NOA/ Nerd’s opinion could materially alter the outcome of the knock 
and talk, negatively impact PR, or otherwise result in negative 
repercussions for Nintendo. 

o NOA to finalize draft “Bounty” employment contract with NERD and 
local counsel for NCL’s review. 

o NOA to continue Online and physical investigation to monitor activity 
and prepare for Knock and Talk discussion. 


